1
0
Fork 0

Fix user creation by moderators

This commit is contained in:
Chocobozzz 2019-08-22 10:59:14 +02:00
parent 015d9dec91
commit dea16773df
No known key found for this signature in database
GPG key ID: 583A612D890159BE

View file

@ -38,7 +38,9 @@ const usersAddValidator = [
body('email').isEmail().withMessage('Should have a valid email'),
body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
body('role')
.customSanitizer(toIntOrNull)
.custom(isUserRoleValid).withMessage('Should have a valid role'),
body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@ -50,7 +52,7 @@ const usersAddValidator = [
const authUser = res.locals.oauth.token.User
if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) {
return res.status(403)
.json({ error: 'You can only create users (and not administrators or moderators' })
.json({ error: 'You can only create users (and not administrators or moderators)' })
}
return next()
@ -160,7 +162,10 @@ const usersUpdateValidator = [
body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
body('role')
.optional()
.customSanitizer(toIntOrNull)
.custom(isUserRoleValid).withMessage('Should have a valid role'),
body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {